Penetration Test Monitoring Server and System

1. A penetration test monitoring system, comprising: an attacking host for performing a hacking exercise that launches attacks on a target website and generating a first attack report based on results of the attacks on the target website; a monitoring server electrically connected to the target website and the attacking host and including: a virtual platform includes one or more virtual machines, wherein the virtual platform carries software tools used by the attacking host to perform the hacking exercise and provides a virtual account for the attacking host to perform the hacking exercise on the target website through the virtual platform after logging in to said one or more virtual machines through the virtual account; and an analysis platform electrically corrected to the virtual platform, recording the hacking exercise executed on the virtual platform by the attacking host, and receiving the first attack report; a monitoring host electrically connected to the monitoring server and the attacking host, monitoring the attacking host, generating a second attack report based on the results of the attacks on the target website, and transmitting the second attack report to the analysis platform; and a risk assessment host that is electrical connected to the monitoring host, performing an After Action Review (AAR) according to the first attack report, the second attack report, and the results of the hacking exercise, and generating a comprehensive security report based on results of the AAR.

2. The penetration test monitoring system as claimed in claim 1 , wherein the comprehensive security report is generated by the risk assessment host according to the first attack report, the second attack report, and record information, wherein, the record information is generated by the virtual platform according to network transmission contents during the hacking exercise.

3. The penetration test monitoring, system as claimed in claim 2 , wherein the monitoring host is set in the monitoring server.

4. The penetration test monitoring system as claimed in claim 3 , wherein the second attack report is generated by the monitoring host after port mirroring and analysis according to a security protocol.

5. A penetration test monitoring server, electrically connected to a target website and an attacking host and a monitoring host, the server comprising: a virtual platform includes one or more virtual machines, wherein the virtual platform carrying software tools used by the attacking host to perform a hacking exercise and providing a virtual account for the attacking host to perform the hacking exercise on the target website through the virtual platform after logging in to said one or more virtual machines through the virtual account; an analysis platform electrically connected to the virtual platform for recording the hacking exercise executed on the virtual platform by the attacking host and receiving a first attack report; wherein the penetration test monitoring server is connected to a risk assessment host through the monitoring host, and the risk assessment host performs an After Action Review (AAR) according to the first attack report, a second attack report, and results of the hacking exercise, and generates a comprehensive security report based on results of the AAR.

6. The penetration test monitoring server as claimed in claim 5 , wherein the AAR includes: step one: determining whether successful attacks recorded in the reports respectively generated by the attacking host, the monitoring host and the target website are different from one another, recording security weaknesses that the attacking host attacks, and comparing whether the target website is at risk of being attacked in the security weaknesses; step two: according to data of step one, checking whether the information related to the security of the target website, security information and event management (SIEM) and the security monitoring center (SOC) are sufficient and effective.